Trait mariadb::plugin::encryption::Encryption

source · 
pub trait Encryption: Sized {
    // Required methods
    fn init(
        key_id: u32,
        key_version: u32,
        key: &[u8],
        iv: &[u8],
        same_size: bool
    ) -> Result<Self, EncryptionError>;
    fn update(
        &mut self,
        src: &[u8],
        dst: &mut [u8]
    ) -> Result<usize, EncryptionError>;

    // Provided methods
    fn finish(&mut self, dst: &mut [u8]) -> Result<usize, EncryptionError> { ... }
    fn encrypted_length(key_id: u32, key_version: u32, src_len: usize) -> usize { ... }
}
Expand description

Encryption interface; implement this on encryption context

Required Methods§

source

fn init( key_id: u32, key_version: u32, key: &[u8], iv: &[u8], same_size: bool ) -> Result<Self, EncryptionError>

Initialize the encryption context object.

Parameters:

  • key: the key to use for encryption
  • iv: the initialization vector (nonce) to be used for encryption
  • same_size: if true, the src and dst length will always be the same. That is, ciphers cannot add additional data. The default implementation uses this to select between an AEAD (AES-256-GCM) if additional data is allowed, and a streaming cipher (AES-CBC) when the
  • key_id and key_version: these can be used if encryption depends on key information. Note that key may not be exactly the same as the result of KeyManager::get_key.
source

fn update( &mut self, src: &[u8], dst: &mut [u8] ) -> Result<usize, EncryptionError>

Update the encryption context with new data, return the number of bytes written.

Do not append the initialization vector to the ciphertext, MariaDB keeps track of it separately.

Provided Methods§

source

fn finish(&mut self, dst: &mut [u8]) -> Result<usize, EncryptionError>

Finish encryption. Usually this performs validation and, in some cases, can be used to write additional data.

If init was called with same_size = true, dst will likely be empty.

source

fn encrypted_length(key_id: u32, key_version: u32, src_len: usize) -> usize

Return the exact length of the encrypted data based on the source length. Defaults to the same value.

As this function must have a definitive answer, this API only supports encryption algorithms where this is possible to compute (i.e., compression is not supported).

Note that if initialization was called with same_size = true, this will be ignored. In that case.

Object Safety§

This trait is not object safe.

Implementors§